package com.snec.oauth2.controller;

import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

/**
 * @author 猪猪
 * @since 2022/6/21
 */
@RequestMapping
@RestController
public class ResourceController {



    @GetMapping("/user/test")
//    @PreAuthorize("hasRole('user')")
    @PreAuthorize("#oauth2.clientHasRole('user')")
    public String getTest(){
        return "访问到了resource 资源 ";
    }

    @GetMapping("/api/user")
    @PreAuthorize("hasRole('user')")
    public String getTestUser(){
        return "访问到了resource 资源---User ";
    }

    @GetMapping("/resource")
//    @PreAuthorize("hasRole('root')")
    @PreAuthorize("#oauth2.clientHasRole('root')") //
    public String resource(){
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        System.out.println(authentication.toString());

        return "访问到了resource 资源 ";
    }
}
